Another day, another data breach notification

Just when you think the US Federal and Intelligence agencies were done being breached, this happens. The Defense Information Systems Administration (DISA) has suffered a compromise of epic proportions. Will the madness ever end? The apologies are even hitting rock bottom. Used to be they would cover credit monitoring. Not anymore. Then again, I'm covered with the 10 that I already have...

Re: Another day, another data breach notification

The letter does state that they will provide credit monitoring, with details to arrive under separate cover -- but you are correct that the mitigation burden is increasingly on the victim. It does seem as if there is now a de facto data-breach process that has a very low cost to the breached party.

If one wants to stop breaches, the cost of remediation needs to exceed the cost of protecting the data in the first place. Perhaps, legislating a check to each victim instead of just a letter.
